Probably because that is assuming the cursor in $_POST is located at the beginning of the array.

Per the manual

Every array has an internal pointer to its "current" element, which is initialized to the first element inserted into the array.

However, all of the examples are numerically based index arrays. $_POST is not that type of an array, it is an associative array, and so the first inserted element, doesn't necessarily mean that element is located at the beginning of the array.

It would be best to use a foreach loop, or to skip the loop altogether and just use print_r or var_dump

Probably because that is assuming the cursor in $_POST is located at the beginning of the array.

Per the manual

However, all of the examples are numerically based index arrays. $_POST is not that type of an array, it is an associative array, and so the first inserted element, doesn't necessarily mean that element is located at the beginning of the array.

It would be best to use a foreach loop, or to skip the loop altogether and just use print_r or var_dump

`phpforeach ($_POST as $key => $val){ echo $key . '' . $val . '';}

// ORecho '

';print_r($_POST);echo '

';

// ORecho '

';var_dump($_POST);echo '

';

`

Thanks, I started with Java and get confused or don't know every validators in PHP yet. The validators (the brackets after if, English isn't my primary language so I'm not always sure if the word I'm typing is the correct one) are much more simple in Java because there are less options with more outcomes if you know what I mean.

QMonkey
—
2012-10-04T21:01:23Z —
#4

while($i = current($_POST)) {

is not your best condition to check. If the value is "falsy" (empty string, zero) it will break the loop. That's likely what was happening to you. foreach() as shown in the previous post would be better.

Skelly1983
—
2012-10-05T00:55:51Z —
#5

You may also want to check the $_POST for any illegal characters and sanitize against possible XSS attacks.

Current setup would not prevent code being inserted by placing

<script>alert("hacked")</script>

in your input box.

Using

htmlspecialchars($_POST);

and

strip_tags($_POST);

would help to avoid this.

Dreeass
—
2012-10-05T09:01:18Z —
#6

Skelly1983 said:

You may also want to check the $_POST for any illegal characters and sanitize against possible XSS attacks.

Current setup would not prevent code being inserted by placing <script>alert("hacked")</script>